I don't think that their attacks are necessarily illegal or immoral. As long as they don't break into other people's computers, launching DDoS should not be treated as a crime by default; we have to think about the particular circumstances in which such attacks are launched and their targets. I like to think of DDoS as equivalents of sit-ins: both aim at briefly disrupting a service or an institution in order to make a point. As long as we don't criminalize all sit-ins, I don't think we should aim at criminalizing all DDoS.

That's part of a larger post, where he worries that the government will overreact to these forms of attacks and use them to try to get greater oversight over the internet, and force less anonymity online. Of course, I would imagine that any such attempt would backfire, and simply drive forward efforts to create more truly distributed and underground connections.

Later, Morozov notes that, in Germany at least, courts have said that activism-driven DDoS's are, in fact, the equivalent of a sit-in.

I can see both sides of this argument. Of course, you can also argue that a basic sit-in is a form of trespassing, and thus against the law, but we tend to tolerate it for the most part. But, like many sit-ins, I think the bigger issue is that I'm not convinced these DDoS attacks are even remotely effective. Do they get attention? Yes, absolutely. Especially the attacks on Visa and MasterCard. But will it actually do anything productive? That's not clear. It might make some companies think twice before doing certain things, but I'm not sure it will really matter that much.

The longer term effects may be more damaging. I'm not convinced the government would actually be able to successfully crack down via any attempt to get greater oversight on internet usage, but I think that there is the potential that these forms of attacks will backfire and could make people take the real issues behind censorship and online freedom less seriously, as they're associated with what's viewed as a sort of immature and sophomoric approach to the discussion.

Reasoning by analogy

I don't think reasoning by analogy is all that helpful here. Many of us here have been on the 'net long enough that we can look at a DDoS for just exactly what it is. No more. No less.

What does it gain us to argue about whether it's more like "a lunch-counter sit-in" or more like "a terrorist throwing a bomb"? Instead, we can reason directly. A DoS attack is an attempt to deprive others of the use of computing resources. It has collateral effects on upstream router capacity.

Re: Reasoning by analogy

Yes, and protesters chaining themselves to the front of some bank-full of assholes impedes the bank's customers from going in. It also has collateral effects on local vehicular traffic.

What's your point? Are you saying the analogy is unnecessary as both are obviously a social phenomenon rooted in individual citizens acting as a group for their own benefit? Because if that's the case, I must agree with you.

Re: Re: Reasoning by analogy

What's your point?

I'm saying that —for all too long— I've watched the lawyers make an utter mess out of their thinking on “cyber-security”. The lawyers attempt to argue by analogy to this or analogy to that. And then when you look at what they come up with, the results suck.

Otoh, I have a technical education. I suspect that many other commenters here also have a technical education. Or, at least, commenters here have enough technical experience.

We can discuss (D)DoS attacks in concrete terms. And —I hope— cut out a lot of the sloppy thinking.

Re: Re: Re: Reasoning by analogy

The analogy is necessary. Parsing out the details of why a sit-in is sort of protected speech is not going to get us very far. But if a ddos is like a sit-in then we can go ahead and agree that it is protected and leave the much bigger question of why we protect it to another day's debate.

Re: Re: Re: Re: Re: Re: Reasoning by analogy

I can't help but wonder what TD's opinion would be if this site was DDoS'ed every other day for a month. I suspect there would be legal action taken, not just a good natured smile as the owners go "Hey, maybe we should listen to the protesters!".

Not suggesting any attack on anyone here, just asking a hypothetical question.

Re: Re: Reasoning by analogy

The big difference is that in a sit-in, you need to gather X number of people who want to participate, get them to the location, etc.

DDoS is generally like one person kidnapping X people and forcing them to the location to "sit-in".

In other words, if the DDoS uses computers owned by the activists, then it's very similar to a sit-in and should be "protected speech". If it uses a botnet of compromised computers (quite likely), then it's a crime.

Re: Re: Re: Reasoning by analogy

Does it make a difference whether the originating hosts use their isp-provided public ip addresses? Or does it matter if the originating hosts spoof the origin ip address?

Further, does it make a difference if spoofed origin ip addresses are generated from non-routable ip space? Or if the origin ip addresses are spoofed from space legitimately routed to other parties? In the same asn? Or global third-parties?

Fwiw, I've gradually become more-and-more in favor of egress packet filtering. Especially from consumer networks. Yeah, it breaks legitimate routing setups—but as a practical matter, we don't see asymmetric routing to/from leaf-nodes on consumer nets. The vast majority of consumer hosts are singly-homed.
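The source-address cases raised in the comment above, sketched as an egress filter at the edge of a singly-homed consumer network (an added example, not part of the original comment). The customer prefix, the sample addresses and all function names are constructed for illustration, and the bogon list is a short subset of the reserved IPv4 ranges.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Build a host-order IPv4 address from dotted-quad parts. */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Verdict for the source address of an outbound packet. */
enum egress_verdict {
    EGRESS_FORWARD = 0,      /* source lies inside the customer's assigned prefix */
    EGRESS_DROP_BOGON = 1,   /* spoofed from non-routable space                   */
    EGRESS_DROP_FOREIGN = 2  /* spoofed from space routed to some other party     */
};

struct prefix { uint32_t net; unsigned len; };

/* Non-routable IPv4 ranges (subset; assumption: enough for the illustration). */
static const struct prefix BOGONS[] = {
    { IP4(0, 0, 0, 0),      8 },  /* "this network"              */
    { IP4(10, 0, 0, 0),     8 },  /* RFC 1918 private            */
    { IP4(100, 64, 0, 0),  10 },  /* carrier-grade NAT           */
    { IP4(127, 0, 0, 0),    8 },  /* loopback                    */
    { IP4(169, 254, 0, 0), 16 },  /* link-local                  */
    { IP4(172, 16, 0, 0),  12 },  /* RFC 1918 private            */
    { IP4(192, 168, 0, 0), 16 },  /* RFC 1918 private            */
    { IP4(224, 0, 0, 0),    3 },  /* multicast and reserved      */
};

static int in_prefix(uint32_t addr, struct prefix p)
{
    uint32_t mask = p.len == 0 ? 0u : 0xFFFFFFFFu << (32u - p.len);
    return (addr & mask) == (p.net & mask);
}

/* Classify one source address against the prefix assigned to this customer port. */
enum egress_verdict egress_classify(uint32_t src, struct prefix customer)
{
    if (in_prefix(src, customer))
        return EGRESS_FORWARD;
    for (size_t i = 0; i < sizeof BOGONS / sizeof BOGONS[0]; i++)
        if (in_prefix(src, BOGONS[i]))
            return EGRESS_DROP_BOGON;
    return EGRESS_DROP_FOREIGN;
}

/* Run the filter over a batch; counts[] is indexed by verdict.
 * Returns the number of packets that would be forwarded. */
size_t egress_filter(const uint32_t *srcs, size_t n, struct prefix customer,
                     size_t counts[3])
{
    counts[0] = counts[1] = counts[2] = 0;
    for (size_t i = 0; i < n; i++)
        counts[egress_classify(srcs[i], customer)]++;
    return counts[EGRESS_FORWARD];
}

int main(void)
{
    /* Constructed sample: customer holds 203.0.113.0/24 (documentation range). */
    struct prefix customer = { IP4(203, 0, 113, 0), 24 };
    const uint32_t srcs[] = {
        IP4(203, 0, 113, 25),  /* honest source                     */
        IP4(10, 1, 2, 3),      /* spoofed, non-routable             */
        IP4(192, 168, 1, 10),  /* spoofed, non-routable             */
        IP4(198, 51, 100, 7),  /* spoofed, someone else's space     */
        IP4(203, 0, 114, 1),   /* spoofed, neighbouring prefix      */
    };
    size_t counts[3];
    size_t fwd = egress_filter(srcs, sizeof srcs / sizeof srcs[0], customer, counts);
    printf("forwarded=%zu bogon=%zu foreign=%zu\n", fwd, counts[1], counts[2]);
    return 0;
}
```

A multihomed customer would fail this check for traffic sourced from its other provider's space, which is the breakage the comment accepts for consumer leaf networks.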

Re: Re: Reasoning by analogy

After reading "The Anarchist in the Library," it puts these cyber-attacks in a new perspective.
Now, Lobo Santo puts this into an interesting context.
Sit-ins, direct action, etc. all require an active, aggressive - sometimes non-violent - group action to hinder an ongoing issue. E.g., if you'll forgive the lofty allusion, Rosa Parks sat in the bus actively, knowingly trying to make a point against racial segregation. In the process, she also impeded other segregationist whites from continuing with the status quo.
Anonymess, as it were, are making themselves heard, and for a reason. However, most of their actions are passive and collaterally affect legitimate "business." No customer will be presented (in the instance of PayPal) with a page saying that "PayPal is evil, here is why, this was done by Anonymous." Customers would be unable to access their funds for maybe a couple days. The sit-in theory is now bunk.
Back to the Parks allegory: these actions would be more along the lines of Parks sitting at the bus stop protesting segregation without actively stopping the segregationist seating policies.

Re: The Difference

I'm pretty sure most people know there have been DDOS attacks on Visa and Mastercard. That might cause them to seek more information.

Granted if I go once and get a blank page I might not think twice about it, but if a site is down for more than a couple seconds I might email support or try a quick Google search to see if anything is going on.

Re: Re: Re: The Difference

The majority of the people blocked here know as well. That's the whole 'media aspect' point of it.

Of course, your point (That the sit-in was to inform passers-by.) is moot, because it's not true. The point was to gain media attention, both now and with Birmingham. The people who were blocked from service were incidental.

Re: The Difference

"A DoS attack just gives users a blank page"

...which causes them to go to Google or a news site, or call customer services and try to find out what's happening. Since the media is reporting that the attack is due to their Wikileaks stance, the customer then knows what's going on.

Re: Re: The Difference

Nope. Speaking from the perspective of a computer technician, most people simply assume that it's a problem with their connection.

People who are more technologically savvy would be more likely to assume that it's an issue with the web site and a subset of those people would go to find more information, but I think you're overestimating Joe Consumer's understanding of technology a bit.

Re: Re: The Difference

...call customer services...

People who've worked the help desk know that management routinely orders them to lie to users/customers. Especially regarding security-related outages. That is, if the helpdesk droids even know what's going on themselves.

Killing worker morale might be reasonable goal. But it's kinda hard to imagine morale in network support services going much lower than it already is.

There's absolutely nothing wrong with that. It is, if i and 999 other people decided to refresh a certain website for no reason all the time just because we're bored. What are they gonna do? Arrest us for idle hands?

Re:

Yes, if they decide it's worth the bother. Intentionally denying service is illegal. Full stop. Fortunately for the participants, it's also only really annoying rather than seriously harmful, so you likely won't be prosecuted.

I can just imagine the conversation of doing this DDoS. "We gotta take these bastards. Now we could do it with conventional weapons, but that could take years and cost millions of lives. No, I think we have to go all out. I think that this situation absolutely requires a really futile and stupid gesture be done on somebody's part!"

A sit-in is illegal, the question is, will authorities treat it like a sit-in (no serious charges) or will they drop a hammer. Of course, some sit-in's had authorities drop a hammer in the form of night sticks.

Re:

"A sit-in is illegal"

Depends on where and when. There have been plenty of sit-ins at my university in the administrative offices. If you do it during normal business hours, you're fine. It's only if you try to stay there when they're closing the building that they'll call the cops. If it's a public place during normal hours, a sit-in should be perfectly legal.

Re: Illegality

I am not sure if they can get this prosecuted as a traditional DDOS. With LOIC no one is really in charge and no laws are broken. No computers were used without permission and no unauthorised access was gained. Who are you to tell me how I use my internet connection that I pay for.

All you can really say for certain is that the owners of these websites have attracted attention to themselves and didn't have the infrastructure in place to handle the interest. Are Slashdot and Fark breaking the law by DDOSing the occasional website?

Not a sit-in... Vigilante tactics

There is a big difference between sit-ins and DDOS attacks.

Sit-ins were peaceful protests, conducted by people willing to stand (or rather sit) for their convictions. They courageously looked their enemy in the face and said "What you are doing is wrong." Yes, they sometimes blocked access (that is still done today in strikes). Yes, they inconvenienced businesses. They didn't shut the business down. They simply made their voice heard.

Those who chained themselves to doors were not "sit in protesters". They were a bit more-- forceful. Sit ins were peaceful demonstrations of objecting to unethical behavior through simple statement to catch the attention of the public. They did not try to offend onlookers; their goal was to obtain sympathy... and action. They served a purpose.

Internet attacks are done anonymously. They hide behind their keyboards, showing neither courage nor conviction for their beliefs. They take malicious and premeditated action against a chosen target. As such, they become vigilantes. Rather than assuming the role of peaceful protesters, they take the role of vandals.

DDOS attacks are neither peaceful nor legal. It is an act of vandalism, intentionally harmful to others. It is a breach of Federal law. That is not the solution to making a legal point.

These are malicious attacks... cybercrimes. No matter how much in the "right" the perpetrators think they are... they become un-right the moment they cross the legal line. They use anarchy and chaos as their tools rather than offering constructive solutions. They choose the easy, fast, forced solution rather than trying to gain sympathy and a permanent, beneficial solution.

Some may consider this rebellion. Some may consider this "tea party" activity. And in that they may be correct. Sometimes the only solution to a problem is to pull out the big stick. But make no mistake: this is by no means a "sit in". That analogy is bogus.

These DDOS hackers are neither peaceful, nor courageous, nor do they make any point other than "We have the power to impose our will on the public." In that... they perhaps become no different-- and no better-- than the companies they attack.

Re: Not a sit-in... Vigilante tactics

Sit-ins were peaceful protests, conducted by people willing to stand (or rather sit) for their convictions.

Yes, because the riots in Birmingham were peaceful. Yeah. Right.

Yes, they inconvenienced businesses. They didn't shut the business down. They simply made their voice heard.

Lolwhut? Martin Luther King, Jr. disagrees with you.

They did not try to offend onlookers; their goal was to obtain sympathy... and action. They served a purpose.

To quote another wonderful Wiki: By attracting media attention to the adverse treatment of black Americans, it brought national force to bear on the issue of segregation. Although desegregation occurred slowly in Birmingham, the campaign was a major factor in the national push towards the Civil Rights Act of 1964, which prohibited racial discrimination in hiring practices and public services in the United States.

To be clear, I'm comparing these attacks to the protests in Birmingham, which were not peaceful, not fast, but were both purposeful and successful.

Internet attacks are done anonymously. They hide behind their keyboards, showing neither courage nor conviction for their beliefs. They take malicious and premeditated action against a chosen target. As such, they become vigilantes. Rather than assuming the role of peaceful protesters, they take the role of vandals.

The Birmingham protesters were pretty darn faceless, but that's a moot point, anyway. I don't recall the names of any members of group protesters in history, and I certainly don't remember a lack of anonymity being part of the civil disobedience laid out by King.

As for 'malice', I don't think that word means what you think it means.

DDOS attacks are neither peaceful nor legal. It is an act of vandalism, intentionally harmful to others. It is a breach of Federal law. That is not the solution to making a legal point.

It certainly has been previously. Can you explain what's changed, between now and Birmingham?

These are malicious attacks... cybercrimes.

Again, I don't think that word means what you think it means.

No matter how much in the "right" the perpetrators think they are... they become un-right the moment they cross the legal line. They use anarchy and chaos as their tools rather than offering constructive solutions. They choose the easy, fast, forced solution rather than trying to gain sympathy and a permanent, beneficial solution.

Rather than? You mean, because legal options have failed, right? Since that's the actual situation.

Again, the parallels to Birmingham are huge. Do you really not see them?

Some may consider this rebellion. Some may consider this "tea party" activity. And in that they may be correct. Sometimes the only solution to a problem is to pull out the big stick. But make no mistake: this is by no means a "sit in". That analogy is bogus.

So a protest that's almost a textbook version of what the most successful protester in US history did isn't actually a protest? Huh. Good to know that your opinion is so idiotic.

These DDOS hackers are neither peaceful, nor courageous, nor do they make any point other than "We have the power to impose our will on the public." In that... they perhaps become no different-- and no better-- than the companies they attack.

Many of the Birmingham protesters weren't peaceful, either. But they were successful.

Define Fascism

"a governmental system led by a dictator having complete power, forcibly suppressing opposition and criticism, regimenting all industry, commerce, etc., and emphasizing an aggressive nationalism and often racism."

The only thing that does not fit is that the US does not have a dictator, but a behind the scenes dictator committee. Everything else is apt.

Ignorance Must Be Nice, Guys

Sometimes the lack of common sense in supposedly intelligent people astounds me. Here's one real life consequence: I cannot access the $2,000 that was paid to me through PayPal on Wednesday because of the attack. I was already well aware and previously supported Wikileaks. If anyone thinks the attacks were harmless and only affected the big bad giant PayPal, they are dead wrong. Thousands (more?) of people have money in limbo now (and those are just the ones I know) thanks to this harmless sit in. This is the money we use to feed our kids and pay our electric bills. Thanks.

Re: Ignorance Must Be Nice, Guys

What about wikileaks, they can no longer receive donations for their site via two commonly used CC's. If you think this censorship is harmless and only affected the big bad Julian Assange, you are dead wrong.

You know thousands of people, not by just a ''hi bob'' as you walk past, but personally enough that they tell you of their financial troubles? And you have time to post on a forum? Damn you must have at least 30 fingers there mate.

Did you consider phoning paypal? Perhaps organising something in a non-internet fashion?

Re: Ignorance Must Be Nice, Guys

read their terms of service. they can do this to you Voluntarily, and be perfectly in line with the contract you sign.

they have done worse, in their own right, to other charity organisations for less righteous reasons.

so, this event has drawn your attention to it. and probably that of many others. now, the question is, do they find out who did it and why, or do they simply accept that wikileaks is bad and add this to the pile of reasons, missing the fact that operation: payback is a different entity?

Re: Ignorance Must Be Nice, Guys

Thousands were affected in Birmingham as well. It sucked for them, as well.

When legal and diplomatic options disappear or are exhausted, civil disobedience occurs. This isn't the fault of the protesters, rather the administrations that allowed the situation to dissolve into protests.

Please pardon me if the fight for my civil rights are interfering with your commerce.

Re: Ignorance Must Be Nice, Guys

Sorry to hear that, it does suck nards that people think of themselves with no regard for others, that may actually rely on you know, Money, and have a requirement to you know, actually feed and house your family..

Why should you live your life without issue, because someone does not like a web site ?

These people do not think about anyone else, again, it's pathological narcissism, no empathy, they do what they like with no regard for the effects of their actions.

just like wikileaks and assange.

you think releasing the names of Afghan contacts with the US military does not put those people in mortal risk ?

How would you like a list of all the 'spies' in your area, how much easier would it be to just shoot them..

People will die, and people are also already suffering, and people who have nothing to do with wikileaks are suffering because of the illegal act of a few stupid, immature people..

Happy to see them all in prison..

A sit in, is not anonymous, and it is peaceful, they take no aggressive action, a DDoS is anonymous and has nothing but aggressive actions.

Re: Ignorance Must Be Nice, Guys

Wow, did anyone else notice that this guy claims to be a journalist?

Hey, if you're a journalist, then this is partially your fault. If you'd been doing your job, Wikileaks wouldn't be necessary in the first place. Next, where was the support for the site that you jerks were getting all of your material from? We wouldn't have to protest this way if you were (Again.) doing your job. Last, you're the perfect person to be injured by this. Why should you be paid when you weren't doing your job?

Welcome to the kettle.

For many years I protested in public in the UK, they told me I had the right to protest and yet every time I stood up to ask for my voice to be heard, it was not only ignored I had to sit in detention. I had my photo taken, I was marginalised and my protest was ignored by the media. A little kettle to blow off steam, barely reported the next day. Hey, we're invading Iraq! A million people on the street. I know exactly what those guys are going through and I never had it that cold. And I was there before even that. I was there on the poll tax and fox bills.

A lot of us got tired sitting in a cordon of police, having our biometrics taken and some of us started looking for another method to make our feelings heard. We tried really hard to be polite but we got really bored with the press not paying attention. We learned that lesson the hard way.

You have to either make a story or be the story and still they get to frame the story.

Not a sit in ... maybe a serious crime

Ddos a service like masterCard or visa may cause more serious problems ... Trespassing is a crime & if we dealt with sit-ins using trespassing laws maybe people would respect more laws.

Too many laws are being bent & manipulated to permit people who don't know how easy they have life to express their dissatisfaction with the comforts they take for granted. Maybe an apocalypse would give them something productive to do while they try to scrounge up enough food to survive ....

Re: Not a sit in ... maybe a serious crime

if this is not trolling or sarcasm, you need to go investigate WHY said people have it so 'easy'.

hint: it's because their predecessors refused to accept the same type of crap they're objecting to now. (in some places violently, in others simply by going 'well, that didn't work' and trying a different path.)

Re: Not a sit in ... maybe a serious crime

Sorry, but DDOS attacks do not interfere with credit card purchases. You just can't reach their website and we all know how everyone who uses MC and Visa have to be able to visit their website as well.

Have you ever even visited their website? I know I haven't but use their cards for over 20 years now.

I shudder to think of the mentality of a person that would suggest that a DDOS is anything remotely like trespassing.

Maybe when your rights are taken away you will realize that these people are fighting for freedom from oppressive governments and corporations. No apocalypse needed :)

Protest DDoSes are *normally* fine, but the main harm here ISN'T done to the targets

There's definitely a grey area here, but IMO, this most definitely crosses the line, not because of the act itself (which under normal circumstances, I would agree is just a huge scale tech-based sit-in), but because of the collateral damage dealt to people who have nothing to do with the targets of the protest.

On one hand, yes, sit-ins DO disrupt businesses. If all of the seats in a restaurant (or whatever) are occupied by protesters, that leaves no room for actual customers, leaving the company paying staff to serve no one, which is going to cause an obvious financial loss. Similarly, there have been campaigns in the past to hit a company's phone lines with thousands of protest calls, raising the hold time for actual customers to ridiculous enough levels that they give up, and again, this is obviously going to cause directly lost money as people hang up, cancel the sale, and call the competition.

On the other hand, as has already been pointed out, disrupting payment systems does NOT just harm the companies operating those systems, it does huge damage to those who really need a payment to clear ASAP. The damage to people that have nothing to do with these companies can range from fairly minor (losing $20-$35 to a bounced check or late fee) to financially crippling (I can virtually guarantee that at least one homeowner failed his last chance payment to stop a foreclosure because of this attack.) If a store or restaurant is blockaded by picketers or sitters, you can just go elsewhere. If all 3 major forms of payment are blocked, there isn't an elsewhere to go.

This actually raises a very important question - what exactly IS the correct way to protest the actions of a payment processor? Because their service meshes with basically everything else, and because it's a very abstract service, how can one direct a protest such that it impacts the companies involved beyond just a 15 second blurb on the news, but without catching innocents in the crossfire?

A simple boycott wouldn't work, because it's impossible to tell who's boycotting, and who simply hasn't purchased anything in a while - especially in this economy. There's also the issue that business transactions are the majority of their profits, not personal ones.

A picketing protest wouldn't work, because where would you put it? This is an international protest against international corporations and multiple governments. Additionally, picketing corporate HQ does absolutely nothing to the actual business operations.

You could make an official declaration of taking your business elsewhere, but there isn't an "elsewhere", and they know it. There are many, many sites where only 3 forms of payment are accepted, and yeah, it's the 3 the protest is directed against.

So in short, I think the DDoS is well-intentioned, but does far too much damage to innocents to be an acceptable tactic when it's aimed at this type of company. I unfortunately don't have an alternative for what they should do instead.

Re: Protest DDoSes are *normally* fine, but the main harm here ISN'T done to the targets

When legal and diplomatic options disappear or are exhausted, civil disobedience occurs. This isn't the fault of the protesters, but rather the fault of the administrations that allowed the situation to dissolve into protests.

Please pardon me if the fight for my civil rights are interfering with your commerce.

Re: Protest DDoSes are *normally* fine, but the main harm here ISN'T done to the targets

"I can virtually guarantee that at least one homeowner failed his last chance payment to stop a foreclosure because of this attack."
So they can't pay their mortgage but have good standing and credit with a card?

"I'm going to pay this 2% interest loan with an 18% interest loan."
Must be going for too big to fail.

Re: Re: Protest DDoSes are *normally* fine, but the main harm here ISN'T done to the targets

Last chance payment? No such thing, dear. If you mean that they missed their payment deadline, they can still pay up even after the foreclosure paperwork is filed. If you mean they had the opportunity to pay the day that the foreclosure went to court (If it went to court, depending on what state this hypothetical homeowner is in.) then they can still pay up and get a forbearance. If you mean the sheriff will be knocking on the door tomorrow, they can file bankruptcy. Actually, you can file bankruptcy and retain ownership (Residency?) even after the place has been auctioned off, although it's harder.

I love discussions like this, because TD is once again dragging you down a blind alley to avoid the obvious facts of the matter.

A DDoS starts with an illegal activity, usually the hacking of servers or individual user computers to install a virus, trojan, or back door to allow those resources to be used in the DDoS attack. So before they even start the DDoS, they have already broken the law. Think of it as stealing a fleet of cars to drive to your sit in.

Then the sit in starts. There is one catch, however, none of the protesters are actually sitting in. They have instead forced without consent hundreds or thousands of people to be their surrogate sit-iners, forcing them against their will to occupy the target website.

The protesters hide behind internet blinds, VPNs, open relays, and hacked computers to run command and control over the bots or machines that they control. I suspect many of them went out for a soda, went to class, did their 10th grade math homework, or maybe had dinner with mom and dad while their software tools continued to force others to sit in for them.

However, if 1 million people all kept reloading the Mastercard front page individually, occupying their own time by having to constantly, manually hitting the reload key, then they might have some standing. But a DDoS is nothing but a digital bully act by a comparatively small group of people.

A sit-in requires commitment and action by a large group of people. 5 people outside mastercard's headquarters with picket signs would not stop customers from accessing their accounts.

To consider a DDoS as anything other than a cyber crime is a logical dead end.

Re: Re:

Marak, sorry, but nobody would do a DDoS in the open from their own computer. Actually, at least one moronic 16 year old did, and he was already arrested. A DDoS from your own computer is pretty much an invitation to get arrested.

Bot-nets can do what you want. Many of them are used for spam, but some of them are used for DDoS attacks.

Since you can't get the basics right, please don't try putting words in my mouth, because your words are wrong.

Re: Re: Re:

Can't get the basics right? I know quite a few people working with the loic, I definitely know what I'm talking about.

As for being arrested, they actually have the argument of "i was hacked and put on a botnet" setup already. Difficult to prove they were doing it themselves.

So back to my point, and as others have pointed out, the loic is generally done from normal every day computers, some run under protection, i know many who do not. Frankly quite a few are hoping to get arrested for it, then it gives them a much better platform from which to protest.

Re: Re: Re:

Marak, sorry, but nobody would do a DDoS in the open from their own computer. Actually, at least one moronic 16 year old did, and he was already arrested. A DDoS from your own computer is pretty much an invitation to get arrested.

I see that you don't understand how LOIC works. Here's a good place to start:

Re:

A DDoS starts with an illegal activity, usually the hacking of servers or individual user computers to install a virus, trojan, or back door to allow those resources to be used in the DDoS attack.

Just to clarify, my understanding is that the DDoS actions in this case are not involving such a botnet, but a group of about 9,000 volunteers.

I still don't think it's a good idea, but there's been no indication whatsoever that it involves hijacking anyone's computers. Might as well stick to what's actually happening, rather than basing claims on fanciful conjecture.

Re: Re:

9000 computers would not be enough to generate the traffic to bring these sites down, and certainly not for that length of time. It wouldn't take 7 or 10 hours to block the IPs at the border. The numbers just don't add up. Even the most inexperienced of network operators could easily mitigate such a mindless attack.

Since the numbers don't add up, I suspect the truth is in the middle: LOIC is the nice cover for a more organized botnet campaign, using probably hundreds of thousands of machines.

Ask your technical people, they will tell you. 9000 is not enough to sink a large collection of load balanced machines (similar to what these targets use).

Re: Re: Re:

9000 hosts x 1 Mb/s/host (upload) = 9 Gbps

Admittedly, I just made a wag at 1 Mb/s upload bandwidth per host. On the flip side of the equation, those numbers fall squarely into what's been reported.

I agree though, that a hash table to filter out 9000 discrete ip addresses is not difficult. The only moderately expensive thing is doing it at line speed without asic. Iow, hitting cpu at every packet.
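The arithmetic and the hash-table filter from the comment above, written out as an added example (not part of the original comment). The 9000 source addresses are constructed from the 198.18.0.0/15 benchmarking range, the 64-byte packet size is an assumption that ignores framing overhead, and all function names are illustrative.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

#define TABLE_BITS 14u                    /* 16384 slots: load ~0.55 at 9000 keys */
#define TABLE_SIZE (1u << TABLE_BITS)
#define EMPTY 0u                          /* 0.0.0.0 is never a valid source      */

/* Open-addressing hash set of IPv4 source addresses (linear probing). */
struct blocklist { uint32_t slot[TABLE_SIZE]; size_t count; };

static struct blocklist g_list;           /* zero-initialised: every slot EMPTY   */

static uint32_t slot_for(uint32_t ip)
{
    /* Multiplicative hash; keeps the top TABLE_BITS bits of the product. */
    return (ip * 2654435761u) >> (32u - TABLE_BITS);
}

/* Returns 1 if added, 0 if already present, -1 if rejected. */
int blocklist_add(struct blocklist *b, uint32_t ip)
{
    if (ip == EMPTY || b->count >= TABLE_SIZE / 4 * 3)
        return -1;                        /* cap the load so probing terminates   */
    uint32_t i = slot_for(ip);
    while (b->slot[i] != EMPTY) {
        if (b->slot[i] == ip)
            return 0;
        i = (i + 1) & (TABLE_SIZE - 1);
    }
    b->slot[i] = ip;
    b->count++;
    return 1;
}

/* The per-packet check: one hash plus a short probe sequence. */
int blocklist_contains(const struct blocklist *b, uint32_t ip)
{
    if (ip == EMPTY)
        return 0;
    uint32_t i = slot_for(ip);
    while (b->slot[i] != EMPTY) {
        if (b->slot[i] == ip)
            return 1;
        i = (i + 1) & (TABLE_SIZE - 1);
    }
    return 0;
}

/* Fill the list with n constructed addresses starting at 198.18.0.0. */
size_t blocklist_load_constructed(struct blocklist *b, size_t n)
{
    size_t added = 0;
    for (size_t i = 0; i < n; i++)
        if (blocklist_add(b, IP4(198, 18, 0, 0) + (uint32_t)i) == 1)
            added++;
    return added;
}

/* Count how many packets in a batch would be dropped by the filter. */
size_t filter_packets(const struct blocklist *b, const uint32_t *srcs, size_t n)
{
    size_t dropped = 0;
    for (size_t i = 0; i < n; i++)
        dropped += (size_t)blocklist_contains(b, srcs[i]);
    return dropped;
}

/* hosts x per-host upload rate, as in the comment's 9000 x 1 Mb/s estimate. */
uint64_t aggregate_bps(uint64_t hosts, uint64_t per_host_bps)
{
    return hosts * per_host_bps;
}

/* Lookups per second the filter must sustain at a given bit rate. */
uint64_t line_rate_pps(uint64_t bps, uint64_t packet_bytes)
{
    return bps / (packet_bytes * 8u);
}

int main(void)
{
    uint64_t bps = aggregate_bps(9000, 1000000);   /* 9 Gb/s */
    blocklist_load_constructed(&g_list, 9000);
    const uint32_t batch[] = {
        IP4(198, 18, 0, 1), IP4(198, 18, 35, 39),  /* listed sources   */
        IP4(203, 0, 113, 7), IP4(198, 18, 35, 40), /* unlisted sources */
    };
    printf("aggregate: %llu b/s, worst case %llu lookups/s at 64-byte packets\n",
           (unsigned long long)bps, (unsigned long long)line_rate_pps(bps, 64));
    printf("listed=%zu dropped=%zu of 4\n", g_list.count,
           filter_packets(&g_list, batch, 4));
    return 0;
}
```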

Most DDoS attacks are generated by botnet zombie computers that have been compromised by viruses so whether a DDoS attack in itself is illegal is somewhat irrelevant when the means used to achieve it certainly is.

Although, I personally think this is a much better use for a botnet than sending out the "prescription-free Vicodin" spam they usually do.

Yeah, the blacks weren't sure, either, but the situation was bad, and they'd run out of things to try. These attacks meet all of MLK, Jr.'s standards for civil disobedience, which pretty much closes the argument for me.

Re:

Rose, civil disobedience isn't exactly the same. This is a small group of people dragging thousands of other people unwillingly into blockading a company for exercising their rights.

Free speech is a two way street. MC, Visa, and Paypal all have the rights to refuse to do business with Assange. That is their right. The anon children may not understand that basic life lesson, but hopefully their grade 11 civics class will cover it so they can finally figure it out.

Denying the rights of one to somehow promote the rights of others isn't exactly fair, now is it?

Re: Re: Re:

Rose, LOIC is a botnet. Some people join it willingly, others are virus'ed into it. There is no way to tell if the users are willingly part of the deal, or are not. As an example, someone in a school could go to a room full of computers, and join in. Would the school be willing or unwilling? A simple virus / rootkit could be used to install a LOIC client on any number of computers.

So the answer is the reverse: if people are willing members of a LOIC, why do they not have the guts to reveal themselves and stand up for their convictions?

Further, it is likely that it could be found as a conspiracy to commit a computer crime. That a snot nosed 16 year old was found in control of one of these things should tell you all you need to know.

As for "it wasn't fair in Birmingham", nobody has shown where anyone's rights have been trampled here. This isn't "back of the bus use the other water fountain boy" stuff. If you feel that way, I pity your children for the home school education they are getting.

Re: Re: Re: Re:

"There is no way to tell if the users are willingly part of the deal, or are not."

An equally likely theory is that everyone using LIOC is doing so willingly. Certainly, there isn't any evidence suggesting otherwise.

"So the answer is the reverse: if people are willing members of a LOIC, why do they not have the guts to reveal themselves and stand up for their convictions?"

Yes, and those Iranian and Chinese folks who are getting real news out under a curtain of censorship should also rise up and reveal their names, right?

Is that you, Joe?

"That a snot nosed 16 year old was found in control of one of these things should tell you all you need to know."

A 'snot nosed 16 year old'? Really? Wow. I guess the children and snot nosed black teens that were arrested in Birmingham were equally deserving of your contempt.

Really, I'm not sure what the age of a single user, or whether or not he's suffering from a sinus infection, has to do with the case in hand, where we have a very large number of people who are using LOIC to make a point, and to bring the media into this issue, just as Dr. King and his compatriots did in Birmingham.

"As for "it wasn't fair in Birmingham", nobody has shown where anyone's rights have been trampled here."

You obviously have no idea what you're speaking of, whatsoever.

"This isn't "back of the bus use the other water fountain boy" stuff."

In your opinion, it's not. Obviously, millions of LOIC users disagree with you. Of course, many people didn't feel like civil rights were a big deal back then, either. Regardless of your personal view of the validity of the underlying issues behind this protest, the parallels remain the same.

"If you feel that way, I pity your children for the home school education they are getting."

I already pity whatever institutions spat you out, since you have shown that not only are you unable to understand the underlying issues, but you lack the ability to Google the terms 'LOIC', 'civil disobedience', and 'unwilling'.

Re: Re:

"Denying the rights of one to somehow promote the rights of others isn't exactly fair, now is it?"

There was this one president that sent the army to a local protest being held against a factory, but instead of helping the local enforcement the army was sent to guarantee those people protesting would have a venue for their grievances to be heard, much to the dismay of the local authority.

Was that fair?

"Rose, civil disobedience isn't exactly the same. This is a small group of people dragging thousands of other people unwillingly into blockading a company for exercising their rights."

Small group of people?
Do you know how much bandwidth is necessary to successfully DDoS a website from one of those companies today?

Hint: A thousand people with broadband doesn't cut it, not even close.

This is a gigantic demonstration of displeasure from a large group of people, probably in the 6 figures range (100's of thousands).

"Free speech is a two way street. MC, Visa, and Paypal all have the rights to refuse to do business with Assange. That is their right. The anon children may not understand that basic life lesson, but hopefully their grade 11 civics class will cover it so they can finally figure it out."

Can they discriminate against people because of their color? religion? political affiliations?

As you so conveniently pointed out, nobody is free to do everything. In a democracy the majority is the last word, not a small group of people trying to save their asses.

To be clear...

When legal and diplomatic options disappear or are exhausted, civil disobedience occurs. This isn't the fault of the protesters, but rather the fault of the administrations that allowed the situation to dissolve into protests.

Please pardon me if the fight for my civil rights is interfering with your commerce.

Pathological Narcissism

Yes, it's a crime. It does not matter who the target of the attack is, if you like them or not, what they are doing is criminal. It's against the law, and it's a criminal activity.

To say 'as long as you dont hack into anyone's computers'.

Well, a DDoS is launched from a botnet, a botnet created by the bot master.

The botnet is a large number of computers that the bot master has already hacked into, to make them his tools for the attack.

That's why it's called a Distributed Denial of Service attack.
Plus they incited others to also attack those sites; again, that is against the law, to incite crime.

The law, and Governments in general, do not like people taking the law into their own hands, and acting on their choices with no regard for the actual law.

But if you think resorting to terror tactics, and bullying will gain you any advancement of your cause, then they are wrong.

Clearly, this is doing far more damage than good, and btw it did not work, I could access MC, Visa, and the PayPal sites without delay or problem.

So you have people saying on the news that these sites are off the air, due to an attack, so you go and check those sites, and they are still there, happily working as normal.

Kind of makes that type of attack, look childish, and appear ineffective and to have failed.

I still can't work out why you are happy to have Wikileaks and Assange censoring and withholding information. But it is not OK for the owners of that information to do it.

Assange is a pathological narcissist, he meets all the requirements and profile of one. That will be his downfall, if not already.

Pathological Narcissism: "A pattern of traits and behaviours which signify infatuation with one's self to the exclusion of all others and the egotistic and ruthless pursuit of one's gratification, dominance and ambition."

Re: Narcissism or Darryl describes himself

Hey Duuuryl have you even read about what is going on? First, there is no bot net DUUUR! Second, you admit no one has even been inconvenienced DUUUR! Lastly your psychological analysis is dead on for yourself but doesn't even remotely describe the reasons that Assange has chosen to be the face of Wikileaks DUUUR!

I am beginning to think you must be on some psychotropic or other chemical restraint because you apparently are just babbling incoherently ignoring all facts. This blatant disregard of reality speaks bounds about who you are.

YMMV

If this image is to be believed—and I have no reason not to, other than that I found it on the internet—the rebel squadrons behind Anonymous (attn. "news" hacks - that would be an entirely different group from Wikileaks and/or Wikipedia) are about to change their approach. So far, as we've witnessed, they have been launching point-and-click distributed denial of service (DDoS) attacks at companies perceived as the enemies of Wikileaks. Those targets included Mastercard, Paypal, and Visa (companies that froze donation funding), and Amazon (which denied hosting services). The new approach suggests more sophisticated thinking. This new mission, apparently, is to actually read the cables Wikileaks has published and find the most interesting bits that haven't been publicized yet, then publicize them.

Collateral Damage

If the purpose of a 'sit in' was not to make it so people could not use the services in the place (all the people complaining they could not use PayPal for whatever reason), then there obviously would be no point to sitting in the place at all. PayPal and Mastercard were targeted because they bowed to political pressure (they can deny it all they want but we all know that's a bunch of bs). People being unable to use it is a side effect of their choice, and the choice that the responders made. It is like going to war - civilians are going to die too, whether you like it or not.

Operation Payback Communique

Re: Operation Payback Communique

OMG, that video is classic comedy.

The funny part? This version of Anonymous has revealed itself in this video. It would be the same small cluster of morons that travel to all the G8 and G20 meetings and start riots, damage "capitalist" stores like McDonald's, and hold the local population hostage by turning the city where the meetings are happening into a war zone.

Supporting these Marxist turds is a waste of your time. These people are dangerous, and do not want anything other than their sick and twisted policies to rule the day, without compromise.

Oh, anyone notice who is supporting Wikileaks? Lula? Putin? I am waiting for supporting statements from Castro and Chavez to complete the set. It isn't about free speech, it's about bashing America at every turn. These guys are getting a thrill out of watching the US get run through the mill, and they want wikileaks to keep doing it. The tune will change as soon as the Russian documents start coming out. Then Assange will be enjoying Siberia.

As long as all participants are voluntary

As long as all participants are voluntary (i.e. no botnets), there's no attempt to extort and the main purpose is to make a statement, then in my mind such a DDOS attack is certainly morally defensible.

No single participant caused the service to stop, so really how could anyone be convicted of anything?

Rose Welsh: "Yes, because the riots in Birmingham were peaceful. Yeah. Right."

If they were RIOTS Rose, they weren't "sit-ins". Sit-ins means SITTING. If people choose to adulterate that concept and throw in violence... they go beyond the concept to open revolt.

"Rather than? You mean, because legal options have failed, right? Since that's the actual situation."

What legal options were tried and failed Rose? I'm not aware that this group actually tried legal options before imposing their opinion by force.

Rose: "Good to know that your opinion is so idiotic."

Right back atcha Rose. Honestly, all I see in your post is a lot of attitude and heated ranting rather than offering solutions to a problem-- or even factual observations. You're entitled to disagree with any post here. When you stoop to insulting others for their opinions... All such a post indicates is a lack of emotional maturity; it surely does not convince me your opinion is trustworthy or even worth reading.

Bruce: "Keep fighting, and may the fascists keep martyrizing us."

Anonymous: "Unfortunately, given the network we currently have, we can't tolerate all that many DoS attacks."

Anonymous makes a very good point here... a lead in to a point I felt might be worth making today.

I'm seeing all kind of emotional statements in these matters, and freely-thrown-about labeling of "fascist", "martyr" etc etc. I don't see any martyrs here (anyone hear a report of someone dying over this issue?).

"Godwin's Law" is where you try to win an argument by comparing your opponent to Hitler or Nazis or whatever negative term will gain public sympathy. Someone disagrees with you: he's a Nazi. Someone's viewpoint is conservative: he's a Fascist. Such claims bring neither respect for the poster nor validity to the post.

It's easy to try to propagandize a situation by openly used negative terms. It's another to present viable observations... or even possible solutions.

There are many rights and wrongs on all sides of this issue. However, using DDoS to enforce one's opinion is not a proper solution. It IS a criminal act. It is indeed ALSO an act of protest, but that does not decriminalize the action.

Which brings us to Anonymous' post. As he rightly points out, such attacks affect more than just the target. They affect those who use credit cards. They affect the Internet itself. They don't care about who is hurt by such actions... or how seriously they're hurt. The perpetrators simply strike out vigilante-style at their chosen target.

Does it serve the purpose? Obviously; it caught the public eye. How many times do we think that trick can be used before the public gets tired of it and starts insisting such perpetrators be found and jailed? As is ALREADY apparent, this action has had as many negative effects as positive... perhaps more so.

"Welcome to the digital age"? You must be joking. Yes, digital media has changed the way we do business. Yes, special laws need passed-- realistic laws-- to take that into account. But laws exist for a purpose: so that people are not hurt by other people. When people ignore and break laws just because they "can"... they harm others. Now perhaps they don't care. Perhaps they feel "might makes right". Perhaps they feel there will be no consequences. Perhaps the laws themselves are bad laws in the first place.

But don't tell us these people are peaceful "sit in" protesters and that their actions are not criminal. If their actions aren't criminal, then tell ya what: Let them go down to the nearest FBI office and brag that they were a major player in the DDoS attack.

Right or wrong aside, good or bad aside, warranted or unwarranted aside... this is NOT a "sit in" protest. This was a cybercrime-- using computers to vandalize data systems. Any twisting of concepts to state otherwise is imo, pure propaganda and rationalization.

Re: Re: Re:

Anonymous: "Too bad you could never come up with something half as intelligent as Wayfinder's post."

Anonymous, thanks for the compliment toward me... but that was totally unwarranted toward Darryl. He was just stating his opinion just like anyone else here. He mentioned he disliked the "shoot from the hip" posts (those without thought... on the fly). I tend to agree with that; I wish more people would think before they post. But, even emotional rants serve a purpose.

Way I see it is this: everyone has a right to state his/ her opinion. So long as it is respectful, doesn't matter if it's dumber than a box of rocks (and I'm not saying Darryl is, at all). What matters is they're voicing what they think and feel, respectfully. Sometimes even a post that's way off base (imo) can contain a gem of wisdom. So I read 'em all, good or bad, smart or goofy. Sometimes the goofy ones are good for a chuckle and brighten my day a bit. :D

Law as crime

Well, yes, agreed. There are many laws that are in themselves crimes. Or as a friend once stated, "The criminal justice system is aptly named." ;D

However, most criminal laws are created because something has been found harmful to others... and enough people are doing it to warrant a law being passed to help curtail such.

Let's consider DDoS as an example. The people who perpetrate such attacks look at immediate gratification, not long term results or consequences to others. They think, "Hey, we have the skillz 'cos we're leet... so let's show these guys who's boss and make a point."

But like most criminal activities, they don't even think about consequences for actions. Excuse the "emotional ploy" here... but realistically speaking... they don't think about the mother who can't buy milk for her baby because her credit card isn't working. They don't think about the old person with a high temperature who barely made it to the pharmacy, and now can't get their medicine because the credit card systems are down.

They don't think about the guy who's needing to go visit a sick relative but can't... because the gas pumps are compromised.

In short, these people target an entity (in this case the big, bad corporations) and don't think about the thousands of everyday, innocent people they stab in the process. They don't think about the fact that... as far-fetched as it may seem at the outset... what they do may indeed result in someone's death. They laugh while they hide behind their computers, pat themselves on the backs for being so smart... and totally fail to be truly smart by thinking through what they're about to do. They create anarchy and chaos... which is almost always destructive in activity. (Mind you, I enjoy a little chaos in its proper place... but it needs to be well-done chaos.) :D

That's why DDoS is a criminal act. There is no telling what repercussions such has on the innocent. That's part of the problem of being human: even when we're basically right, we can't see the huge, overall picture. We're not omniscient. Our sight is limited. And what we do may very well cause severe consequences not only on ourselves... but on people we don't even know. Our "bullet" travels the distance and kills someone we couldn't even see when we fired it.

But as far as the difference between "criminal" and "right and wrong"... I think politicians would prove that point for you every day of the week. I can't argue with your basic statement.

Again we get to the ancient tea party issue: dumping tea overboard to make a political point. They likely hurt an innocent merchant a great deal while protesting government policies. It's also a shame they chose to do so while trying to frame others for the crime. So when it comes to such activities, one needs to make durn well sure their stance is correct and that there will be a minimum of "casualties" from their actions... because crimes, right or wrong in motive, usually have victims.

Wayfinder you're wrong

"Let's consider DDoS as an example. The people who perpetrate such attacks look at immediate gratification, not long term results or consequences to others. They think, "Hey, we have the skillz 'cos we're leet... so let's show these guys who's boss and make a point.""

Well, aren't you a mind-reader. But let's just get to your more loony idea: so if they had noble reasons, they would still be wrong?

"But like most criminal activities, they don't even think about consequences for actions. Excuse the "emotional ploy" here... but realistically speaking... they don't think about the mother who can't buy milk for her baby because her credit card isn't working. They don't think about the old person with a high temperature who barely made it to the pharmacy, and now can't get their medicine because the credit card systems are down. "

And those chaining themselves to the door of a supermarket do the same thing ;).

"They don't think about the guy who's needing to go visit a sick relative but can't... because the gas pumps are compromised."

*see above*

"In short, these people target an entity (in this case the big, bad corporations) and don't think about the thousands of everyday, innocent people they stab in the process. They don't think about the fact that... as far-fetched as it may seem at the outset... what they do may indeed result in someone's death. They laugh while they hide behind their computers, pat themselves on the backs for being so smart... and totally fail to be truly smart by thinking through what they're about to do. They create anarchy and chaos... which is almost always destructive in activity. (Mind you, I enjoy a little chaos in its proper place... but it needs to be well-done chaos.) :D"

Rosa Parks->Buses down->oh those poor white workers that couldn't get to work->->->what Rosa Parks did was wrong? Come on, how about some logical consistency here?

"That's why DDoS is a criminal act. There is no telling what repercussions such has on the innocent. That's part of the problem of being human: even when we're basically right, we can't see the huge, overall picture. We're not omniscient. Our sight is limited. And what we do may very well cause severe consequences not only on ourselves... but on people we don't even know. Our "bullet" travels the distance and kills someone we couldn't even see when we fired it."

Ok clearly you are talking out of your... now.

"But as far as the difference between "criminal" and "right and wrong"... I think politicians would prove that point for you every day of the week. I can't argue with your basic statement."

Yes, and I think you should update your beliefs to reflect that acknowledgement.

"Again we get to the ancient tea party issue: dumping tea overboard to make a political point. They likely hurt an innocent merchant a great deal while protesting government policies. It's also a shame they chose to do so while trying to frame others for the crime. So when it comes to such activities, one needs to make durn well sure their stance is correct and that there will be a minimum of "casualties" from their actions... because crimes, right or wrong in motive, usually have victims."

Sure, just like 'Anonymous'. "Our goal is not to stop people from making transactions."